Scam me if you can

In the late 1960s international scammer and impostor Frank Abagnale posed as a medical officer in a paediatric hospital in the US state of Georgia. As the senior resident on the night shift he worked in a supervisory role. Getting the junior staff to manage all the cases allowed him to escape detection for 11 months. Most of his medical knowledge was derived from watching Dr Kildare, the popular TV medical drama of the time. Seeking and “running with” the majority opinion proved to be a good tactic. We concur.

Between the ages of 16 and 21 Abagnale is also said to have impersonated a pilot, a prison officer, a university teaching assistant and a lawyer. He traveled around the world getting free accommodation and free flights as a co-pilot hitching a ride in the “jump seat”. He clocked up over one million miles and scammed $2.5 million through bank cheque fraud over this six-year period.

He was captured in 1969 in Montrichard by French police and served time in prison in France, Sweden and the USA. He escaped from custody twice.

After four years in an American prison he agreed that, in exchange for his freedom, he would work with the FBI on fraud detection.

After serving his time he used his natural talents and wealth of experience to provide fraud detection services to financial institutions around the world through a company he formed, Abagnale and Associates. He also lectured in fraud detection to FBI agents at their training Academy in Virginia.

Abagnale continues to be an active lecturer and investigator to this day. His work now focuses on cybersecurity and he recently gave this talk at Google. In it he speaks about his life but also comments on fraud in the age of the internet.

Hacking attacks take one of two forms. Flaws found in cryptographic algorithms or their implementation may make many websites and consumer applications vulnerable to compromise. Hackers can use these newfound vulnerabilities for nefarious purposes.

Such criminal hackers are referred to as crackers in traditional computer security circles. However, many talented security professionals now have gainful employment working for the cyberwarfare departments of their homelands.

How can one minimise the risk of attack from social engineering? Abagnale is bullish on Trusona, the passwordless authentication scheme used by the American security forces and companies around the world. A user logs onto the Trusona app on their mobile phone, authenticating with their fingerprint or other biometric identifier, and then uses the app to scan a Trusona QR code on the website that they are trying to access.

It does away with usernames and passwords. Instead it follows the recommended security practice of using two different forms of authentication. In Trusona’s case they are something you have (your mobile phone) and something you are (your fingerprint).

It is far superior cryptographically to many current schemes, particularly given the notoriously lax security employed by most end users. Subscribers can be confident in its use since it is endorsed by both the CIA and the world’s most famous living scammer.